Cannot_match_source_hash when trying to set up the quickstart "app-profile-saml-jee-jsp"

Securing applications
,
1

I’m at my wits end wit this, so plerhaps someone here has faced a similar issue?
I was going through the SAML quickstart - configured my keycloak as per quickstart prerequisites, installed a new instance of wildfly, installed saml adapter, deployed the quickstart jee app. It starts and shows its index.jsp, when i try to log in into the app i’m successfully redirected to my keycloak but is produces this error:

[2022-02-14 13:25:37,198] [INFO] [thread=default task-2] [caller=com.netcracker.cloud.keycloak.provider.AuditLogEventListenerProvider] [requestId=1644834337192.0.5131017306597371] Got Event
        type=LOGIN_ERROR
        realmId=<realmId>
        clientId=null
        userId=null
        ipAddress=127.0.0.1
        error=client_not_found
        details:
                reason=Cannot_match_source_hash
[2022-02-14 13:25:37,202] [WARN] [thread=default task-2] [caller=org.keycloak.events] [requestId=1644834337192.0.5131017306597371] type=LOGIN_ERROR, realmId=<realmId>, clientId=null, userId=null, ipAddress=127.0.0.1, error=client_not_found, reason=Cannot_match_source_hash

Initially i thought it was about they keys, but i’m exporting the client with private key and cert directly from keycloak.

2

Ok, looking at the conde now i see that it extracts the issuer and tries to find a matching client. The error i see is produced by checkClientValidity when client==null.

String issuer = requestAbstractType.getIssuer() == null ? null : issuerNameId.getValue();
ClientModel client = realm.getClientByClientId(issuer);

Response error = checkClientValidity(client);

So i assume that my issuer of “http://localhost:8080/app-profile-saml/” is not equal to “app-profile-saml”. That would certainly be consistent with my previous experience when i was using keycloak as a broker for ADFS.
Wonder why quickstarts insists on naming the client just “app-profile-saml”…

Edit: Yep, renaming client to “http://localhost/app-profile-saml” was enough to make it work

3

Having exactly same issue, followed the SAML quickstart with same error, where exactly did you rename the client, in keycloak client config, Client ID field?

Edit: its ok got it working but with port number included, thx!